9a6b49e50efb19e307316f748ff1e27f992afc31976f5fd3c1007ab622d2fe6e | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 14:10

Sharing

Report Analysis Logs

General

Target

1b0b646d6ed46b64a3faf94c7d08b8a3.dll
Size

29KB
MD5

1b0b646d6ed46b64a3faf94c7d08b8a3
SHA1

818b9244a76c8214abc68b1d3b20cd5f4ba890a6
SHA256

9a6b49e50efb19e307316f748ff1e27f992afc31976f5fd3c1007ab622d2fe6e
SHA512

e3237ad870164c51e542c35590be7bd8c02c869e3008ba9a4f2003376420a143159ce53e0929ca2926b7d45b13591896dd921ea480ea1e9680215aec258a23cb
SSDEEP

768:iWT/QpTP1yUSkQldg7DGwMQNekdobhIO:FT/QpBy2MQckGN7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2032	1044	rundll32.exe	16
PID 1044 wrote to memory of 2032	1044	rundll32.exe	16
PID 1044 wrote to memory of 2032	1044	rundll32.exe	16
PID 1044 wrote to memory of 2032	1044	rundll32.exe	16
PID 1044 wrote to memory of 2032	1044	rundll32.exe	16
PID 1044 wrote to memory of 2032	1044	rundll32.exe	16
PID 1044 wrote to memory of 2032	1044	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b0b646d6ed46b64a3faf94c7d08b8a3.dll,#1
1⤵
PID:2032

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b0b646d6ed46b64a3faf94c7d08b8a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads